Monday, July 1, 2024

BASIC Linux Security Audit P03 - Limit virtual console root access

VIRTUAL CONSOLES (TTY - TeleTypeWriter)

When starting linux, we can access 7 virtual consoles by using the key combinations. That is done on the login screen, without and before logging in.

       $ Ctrl-Alt Fn (F1, F2, F3)
       

The config of these are in:  { Config --> /etc/pam.d/ }
    
    $ grep "^[^#;]" /etc/pam.d/login
        # in the auth(entication) section we can see 3 modules
            - pam_securetty.so
            - system-auth
            - postlogin
    

EMPTY THIS FILE:

    $ echo /etc/securetty

Possible root login -> /etc/securetty        
        # by emptying this file, we un-authorize root to connect directly to any virtual consoles
        # however, we can still connect with another user, then pass '$ su' to get to root
        # this is again just a little slowing down of attacks         

CHANGE Min Time between failed passwd attempts:

    $ nano /etc/pam.d/system-auth
        auth        required      pam_faildelay.so delay=2000000


                # time delay of unsuccessful logins
                # add a 0, so instead of 2 sec, it would be 20
                # this will slow down dictionary-attack-robots drastically

at
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Sharepoint sync and lock issues - solutions

 Sharepoint synced down to your PC by onedrive can have a ton of errors. It is caused by the simple dis-functionality of this badly thought ...